Privacy

At Substash, we’re committed to protecting your privacy. This privacy policy explains how we collect, use, and safeguard your information when you use our subscription tracking browser extension, available for Chrome, Brave, Edge, Opera, Vivaldi, and other Chromium-based browsers.

Data controller information

Substash is operated by Chris Lim, who is the data controller responsible for your personal information. Substash is developed as an independent project.

Types of personal data we collect

Identity data:

  • Email address for OTP authentication
  • Unique user identifier for account management

Subscription data:

  • Subscription names, costs, and billing cycles you choose to track
  • Trial periods and renewal dates you enter
  • Notes and categories you assign to subscriptions

Technical data:

  • Extension version and browser type for compatibility
  • Basic usage analytics (feature usage patterns, anonymized)
  • Error logs for debugging purposes (no personal data included)
  • Performance metrics to optimize the extension

Legal basis for data processing

We process your personal data based on:

  • Consent: You provide explicit consent when signing up and using our service
  • Contractual obligations: Processing necessary to provide the subscription tracking service
  • Legitimate interest: Improving our service through anonymous analytics

How we use your data

  • Provide and maintain the subscription tracking service
  • Sync your subscription data across devices
  • Send notifications about upcoming renewals (if enabled)
  • Improve the extension based on usage patterns
  • Provide customer support and respond to inquiries

Data sharing and third parties

We only share your data with essential service providers:

  • Supabase: For secure email/OTP authentication, data storage and synchronization
  • DuckDuckGo: For fetching brand favicons via user-provided website URLs

We do not sell, rent, or share your personal data with any other third parties for marketing or commercial purposes.

Your rights

You have the following rights regarding your personal data:

  • Right to access: Request a copy of your personal data
  • Right to rectification: Correct any inaccurate or incomplete data
  • Right to erasure: Delete your account and all associated data
  • Right to object: Object to certain types of data processing
  • Data portability: Export your subscription data in a portable format
  • Right to withdraw consent: Withdraw consent at any time

Data security

We implement appropriate security measures to protect your data:

  • Data encryption in transit and at rest
  • Secure email-based authentication with one-time passwords
  • Regular security updates and monitoring
  • Limited access to personal data on a need-to-know basis

Data retention

We retain your data only as long as necessary to provide our service. You can delete your account and all associated data at any time through the extension settings. Deleted data is permanently removed from our systems within 30 days.

Service evolution

Substash is currently free while in active development. A future “Supporter” tier may be introduced with optional premium features, but a free tier will always remain available. Any changes to our service model will be communicated to existing users well in advance.

We’re also working to expand browser support, with Firefox support planned for the future in addition to our current Chromium-based browser compatibility.

Children’s privacy

Substash is not intended for use by children under 13. We do not knowingly collect personal data from children under 13. If we become aware that we have collected such data, we will delete it promptly.

Changes to this privacy policy

We may update this Privacy Policy from time to time. We’ll notify users of any significant changes through the extension or our website. We encourage you to review this policy periodically.

Contact us

If you have questions about this Privacy Policy or want to exercise your rights, please email [email protected].